<?php

class GTL_Controller_Plugin extends Zend_Controller_Plugin_Abstract {

    public function preDispatch(Zend_Controller_Request_Abstract $request) {

        //Create new Acl object
        $acl = new Zend_Acl();
        //load role model
        $roleModel = new Model_Role();
        $roleControllerArray = Array();
        $resources = $roleModel->getResources();

        // define roles
        $rolesArray = $roleModel->getRoles();
        $rolesIdArray = array_flip($rolesArray);
        foreach ($rolesArray as $role_id => $_roles) {
            $acl->addRole(new Zend_Acl_Role($_roles));
        }

        foreach ($resources as $controller_key => $_controller) {
            $acl->addResource(new Zend_Acl_Resource(strtolower($_controller['res_controller_name'])));
        }

        $auth = Zend_Auth::getInstance();
        $storage = new Zend_Auth_Storage_Session(Zend_Registry::get('sessionName'));
        $auth->setStorage($storage);
        $user = $auth->getIdentity();

        if ($request->getModuleName() == 'default') {
            //Check User is Logged In
            if ($user != null && $request->getControllerName() != 'logout') {
                if ($user->role == 'ADMIN' && $user->roletype == 'SuperAdmin') {
                    //Alow every thing to the ADMIN
                    $acl->allow($user->role);
                } else {
                    $roleId = $rolesIdArray[$user->role];
                    //Load the roles given by Admin
                    $roleAccessArray = $roleModel->fetchEntryByloginId($user->lgn_id);
                    
                     //Define priveleges set by the Admin 
                    $roleControllerArray=array();
                    
                    foreach ($roleAccessArray as $_value) {
                        $roleControllerArray[$_value['role_controller_name']][$_value['role_action_name']] = true;
                        $acl->allow($user->role, $_value['role_controller_name'], $_value['role_action_name']);
                    }
                   
                    //create array for menu authorization
                   /* $rolecontroller = $roleModel->fetchEntryByloginId($user->lgn_id,"",'role_controller_name');
                    foreach ($rolecontroller as $_key => $_convalue){
                        $roleControllerArray[$_key]=$_convalue['role_controller_name'];
                    }
                    foreach ($roleControllerArray as $_controller => $_convalue){
                        $where="role_controller_name='".$_convalue."'";
                        $roleactionArray = $roleModel->fetchEntryByloginId($user->lgn_id,$where);
                        foreach ($roleactionArray as $_actionkey => $_actionvalue) {
                             $rolefinalArray[$_convalue][$_actionvalue['role_action_name']]=1;
                        }
                    }
                    */
                    // define global privileges to all the user , this are the ajax functions
                    $GLOBAL_RESOURCES_ARRAY = $roleModel->getGlobalResources();

                    foreach ($GLOBAL_RESOURCES_ARRAY as $_controller => $_action) {
                        //echo $_action['res_controller_name']."==".$_action['res_action_name']."<br>";
                        $acl->allow($user->role, $_action['res_controller_name'], $_action['res_action_name']);
                    }
                }

                // setup acl in the registry for more
                Zend_Registry::set('acl', $acl);
                Zend_Registry::set('role_access', $roleControllerArray);

                // check permissions

                if (!$acl->isAllowed($user->role, $request->getControllerName(), $request->getActionName())) {
                    $request->setControllerName('index');
                    $request->setActionName('unauthorized');
                }
            }
        }
    }

}

?>